def test_login_with_id(rf, db, admin_user, monkeypatch):
request = rf.post("/")
request.user = admin_user
login_user = MagicMock()
monkeypatch.setattr("hijack.views.login_user", login_user)
user = get_user_model().objects.create(pk=123)
with pytest.deprecated_call():
views.login_with_id(request, 123)
login_user.assert_called_once_with(request, user)
def become(request):
if not request.user.is_apply_staff:
raise PermissionDenied()
id = request.POST.get('user')
if request.POST and id:
target_user = User.objects.get(pk=id)
if target_user.is_superuser:
raise PermissionDenied()
return login_with_id(request, id)
return redirect('users:account')
def become(request):
id = request.POST['user']
if request.POST and id:
return login_with_id(request, id)
return redirect('users:account')